ABOUT THIS BLOG

Forum for those Learning about Leading IBM Application Security Tricks, Scripts and Tools and Kits for AppScan Source for Analysis ...Customizing, Integrating, Sniffing, Snooping and Hijacking your way to joy.


The AppScan Security Appliance - How The Mainframe Can Transform Application Security

IBM Security Systems Has All The Artillery To Dominate the Security Battlefield

It just needs to be deployed properly.

→ Some factors that may explain the current state of application security maturity [extremely low]:

Development organizations continue to lack the necessary security training and processes to translate 'security requirements' into a secure design with appropriate unit tests.

The intense pace of development of new technologies and the migration of existing applications to new platforms are leaving a wide open chest of vulnerabilities for hackers to exploit.

Vendors of the leading technologies for security code review and static and dynamic analysis have yet to fulfill their promise of a combined set of actionable and defensible results.

Security teams typically have considerable background in network analysis and penetration testing but rarely have the level of programming skills that are necessary to effectively review, prioritize and discuss results and recommendations with developers.

The AppScan Appliance Solution:

→ Shifts the burden of scanning (configuration, tuning, filtering, verification, prioritization) from the security team and/or development staff to the AppScan Security Tunnel while ensuring appropriate code security, i.e. source code in any form (IL or not) never leaves the premises!

Our first step should be to define what the first PoC should look like:

What AppScan products would be in there?
What would be the workflows?
What already exists (in terms of APIs and Web Interfaces) with the existing AppScan products?
What would need to be developed?
Where should the PoC be hosted?